TSCF Rekey Profile Configuration

Rekeying is a cryptographic technique that enhances security by enforcing the negotiation of new keys to replace the existing keys on an ongoing secure connection. Rekeying can be either time-based, in which case new keys are negotiated at the expiration of a timer, or traffic-based, in which case new keys are negotiated when a threshold byte count is exceeded.

Use the following procedure to configure an optional tscf-rekey-profile. Later, you will assign the profile to a specific TSCF interface. If you do not intend to enforce rekeying, you can skip this procedure.

  1. From superuser mode, use the following command sequence to access tscf-rekey-profile configuration mode.
    ACMEPACKET# configure terminal
    ACMEPACKET(configure)# security
    ACMEPACKET(security)# tscf
    ACMEPACKET(tscf)# tscf-rekey-profile
    ACMEPACKET(tscf-rekey-profile)#
  2. Use the name parameter to provide a unique identifier for this tscf-rekey-profile.
    ACMEPACKET(tscf-rekey-profile)# name tscfRekey01
    ACMEPACKET(tscf-rekey-profile)#
  3. Use the initiator parameter to identify the rekey initiator.

    Supported values are client (default) | server (the E-SBC)

    ACMEPACKET(tscf-rekey-profile)# initiator client
    ACMEPACKET(tscf-rekey-profile)#
  4. Use the max-rekey-time parameter to specify the maximum interval (in minutes) between rekeying operations.

    Supported values are 0 (default) | 30 - 1440 (minutes)

    The default value, 0, specifies that time-based rekeying is not enforced; other integer values specify that time-based rekeying must be initiated by the tunnel endpoint designated by the initiator parameter.

    ACMEPACKET(tscf-rekey-profile)# max-rekey-time 30
    ACMEPACKET(tscf-rekey-profile)#
  5. Use the max-rekey-data parameter to specify the maximum traffic exchange (measured in Kb) between rekeying operations.

    The default value, 0, specifies that traffic-based rekeying is not enforced; other integer values specify that traffic-based rekeying must be initiated by the tunnel endpoint designated by the initiator parameter.

    ACMEPACKET(tscf-rekey-profile)# max-rekey-data 0
    ACMEPACKET(tscf-rekey-profile)#
  6. Use done, exit, and verify-config to complete tscf-rekey-profile configuration.
  7. Repeat Steps 1 through 6 to configure additional tscf-rekey-profiles as required.
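
The following added example (not part of the original procedure or the product's own tooling) audits a saved ACLI session transcript against the values documented above and flags profiles where both triggers are left at 0, so rekeying is never enforced. The function names, the sample transcript, and the rule that each name line starts a new profile are assumptions of this example.

```python
import re

# Defaults as stated in the procedure above.
DEFAULTS = {"initiator": "client", "max-rekey-time": "0", "max-rekey-data": "0"}
PROMPT = re.compile(r"^\S+\(tscf-rekey-profile\)#\s*(\S+)\s+(\S+)\s*$")

def parse_profiles(transcript):
    """Collect settings per profile; each `name` line starts a new one (assumed)."""
    profiles, current = {}, None
    for line in transcript.splitlines():
        if not (m := PROMPT.match(line.strip())):
            continue  # bare prompts, done/exit, and other modes are skipped
        key, value = m.groups()
        if key == "name":
            current = profiles.setdefault(value, dict(DEFAULTS))
        elif current is not None and key in DEFAULTS:
            current[key] = value
    return profiles

def audit(profile):
    """Return a list of findings for one profile; empty means no issue found."""
    findings = []
    if profile["initiator"] not in ("client", "server"):
        findings.append("initiator must be client or server")
    numeric = {}
    for key in ("max-rekey-time", "max-rekey-data"):
        if profile[key].isdecimal():
            numeric[key] = int(profile[key])
        else:
            findings.append(f"{key} must be a non-negative integer")
    t, d = numeric.get("max-rekey-time"), numeric.get("max-rekey-data")
    if t not in (None, 0) and not 30 <= t <= 1440:
        findings.append("max-rekey-time must be 0 or 30-1440 minutes")
    if t == 0 and d == 0:
        findings.append("rekeying not enforced: both triggers are 0")
    return findings

# Constructed sample transcript (not captured from a real device).
SAMPLE = """\
ACMEPACKET(tscf-rekey-profile)# name tscfRekey01
ACMEPACKET(tscf-rekey-profile)# initiator client
ACMEPACKET(tscf-rekey-profile)# max-rekey-time 30
ACMEPACKET(tscf-rekey-profile)# max-rekey-data 0
ACMEPACKET(tscf-rekey-profile)# name tscfRekey02
ACMEPACKET(tscf-rekey-profile)# max-rekey-time 10
ACMEPACKET(tscf-rekey-profile)# name tscfRekey03
"""

if __name__ == "__main__":
    print({n: audit(p) for n, p in parse_profiles(SAMPLE).items()})
```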